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DETAILED ACTION 

1 . This is in response to the arguments filed on 2 October 2007. 

2. Claims 1, 3-8, 10, 11 and 26-38 are pending in the application. 

3. Claims 1, 3-8, 10, 1 1 and 26-38 have been rejected. 

4. Claims 2, 9 and 12-25 have been cancelled. 

Response to Arguments 

5. Applicant's arguments filed 2 October 2007 have been fully considered but they are not 
persuasive. 

On page 2, the applicant argues that Sistanizadeh fails to teach or suggest the recited 
DHCP relay agent of claim 1 . 

The examiner respectfully disagrees. On page 14 of the applicant's specification, a 
DHCP relay agent is defined as a DHCP relay agent is a process that executes on an intermediate 
device to forward DHCP messages between DHCP client and DHCP server. Sistanizadeh 
discloses that messages from the DHCP are not broadcast, but are filtered by the Ethernet switch 
so that it arrives at the intended user only. By the applicant's definition of a DHCP relay agent, 
the Ethernet switch would server as the DHCP relay agent. 

On page 3, the applicant argues that Sistanizadeh fails to teach or suggest the recited 
second message of claim 1 . 

The examiner respectfully disagrees. Sistanizadeh discloses a Wide Area Network- 
Maintenance Administration Center (WAN-MAC) will monitor the Gateway Router, Ethernet 
Switch and have visibility of the ADSL equipment. As previously described with reference to the 
Access Architecture, ADSL Alarm information is collected via the M&P Device and transmitted 
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to a concentrator in the SNMP format. The SNMP messages are translated into TL1 and 
transmitted via the Packet Data network to the TNM-OSS. The SNMP messages would have 
been the second message of claim 1 . 

On page 4, the applicant argues that Sistanizadeh fails to teach or suggest the "hand off. 
In response to applicant's argument that the references fail to show certain features of applicant's 
invention, it is noted that the features upon which applicant relies (i.e., "hand off) are not recited 
in the rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

6. Claims 1, 3, 6, 7, 9-11, 26-30, 32-35, 37 and 38 are rejected under 35 U.S.C. 102(b) as 
being anticipated by Sistanizadeh et al U.S. Patent No. 5,790,548. 

As to claim 1 5 Sistanizadeh et al discloses a method of assigning a network address to a 
host based on authentication for a physical connection between the host and an intermediate 
device, the method comprising the computer-implemented steps of: 

receiving, at a router hosting an authenticator process for the host, from a 
first server that provides authentication and authorization, in response to a request 
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for authentication for the physical connection, first data indicating at least some of 
authentication and authorization information [column 17, lines 26-39]; 

receiving, at a DHCP relay agent process of the router, from the host, a 
DHCP discovery message for discovering a logical network address for the host 
[column 9 line 61 to column 10 line 14]; 

generating at the DHCP relay agent process a second message that 
comprises the DHCP discovery message and the first data [column 12 line 31 to 
column 13 line 56]; and 

sending the second message from the DHCP relay agent process to a 
DHCP server that provides the logical network address for the host [column 12 
line 31 to column 13 line 56]. 

wherein generating the second message further comprises the step 

of sending a third message, from the authenticator process to the relay 

agent process, that contains at least some of the authentication and 

authorization information based on the first data [column 12 line 31 to 

column 13 line 56]. 

As to claims 3, 29 and 34, Sistanizadeh et al discloses a method as recited, wherein: 
step of generating the second message further comprises the steps of: 

storing second data based on the first data by the authenticator 
process [column 12 line 31 to column 13 line 56]; and 
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retrieving the second data by the relay agent process in response to 
the step of receiving the first message [column 12 line 31 to column 13 
line 56]. 

As to claim 6, Sistanizadeh et al discloses that the physical connection comprises an 
Ethernet interface card on the router [column 7 line 66 to column 8 line 22]. 

As to claims 7, 30 and 35, Sistanizadeh et al discloses that the physical connection 
comprises a wireless Ethernet encryption key and time slot [column 12, lines 47-67]. 

As to claim 9, Sistanizadeh et al discloses that the second message is based on a dynamic 
host configuration protocol (DHCP) [column 1 1, lines 40-55]. 

As to claims 10, 32 and 37, Sistanizadeh et al discloses that the first data includes user 
class data indicating a particular group of one or more authorized users of the host [column 12 
line 31 to column 13 line 56]. Sistanizadeh et al discloses that the step of generating the second 
message is further based on the user class data [column 12 line 31 to column 13 line 56]. 

As to claims 1 1, 33 and 38, Sistanizadeh et al discloses a method as recited, wherein: 

the first data includes credential data indicating authentication is 
performed by the first server [column 12, lines 3-20], and 

the step of generating the second message is further based on the 
credential data [column 12, lines 3-20]. 
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As to claim 26, Sistanizadeh et al discloses an apparatus for assigning a network address 
to a host based on authentication for a physical connection between the host and an intermediate 
device, comprising: 

means for receiving, at a router hosting an authenticator process for the 
host, from a first server that provides authentication and authorization, in response 
to a request for authentication for the physical connection, first data indicating at 
least some of authentication and authorization information [column 1 7, lines 26- 
39]; 

means for receiving, at a DHCP relay agent process of the router, from the 
host, a DHCP discovery message for discovering a logical network address for the 
host [column 9 line 61 to column 10 line 14]; 

means for generating at the DHCP relay agent process a second message 
that comprises the DHCP discovery message and the first data [column 12 line 31 
to column 13 line 56]; and 

means for sending the second message from the DHCP relay agent process 
to a DHCP server that provides the logical network address for the host [column 
12 line 31 to column 13 line 56]; 

wherein generating the second message further comprises the step 

of sending a third message, from the authenticator process to the relay 

agent process, that contains at lest some of the authentication and 

authorization information based on the first data [column 12 line 31 to 

column 13 line 56]. 
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As to claim 27, Sistanizadeh et al discloses an apparatus for assigning a network address 
to a host based on authentication for a physical connection between the host and an intermediate 
device, comprising: 

a network interface that is coupled to a data network for receiving one or 
more packet flows therefrom [column 7 line 66 to column 8 line 22]; 

a physical connection that is coupled to the host [column 7 line 66 to 
column 8 line 22]; 

a processor [column 7 line 66 to column 8 line 22]; 

one or more stored sequences of instructions which, when executed by the 
processor, cause the processor to carry out the steps of: 

receiving, at an authenticator process for the host, through the 
network interface from a first server that provides authentication and 
authorization, in response to a request for authentication for the physical 
connection, first data indicating at least some of authentication and 
authorization information [column 17, lines 26-39]; 

receiving, at a DHCP relay agent process, through the physical 
connection from the host, a DHCP discovery message for discovering a 
logical network address for the host [column 9 line 61 to column 10 line 
14]; 

generating at the DHCP relay agent process a second message that 
comprises the DHCP discovery message and the first data [column 12 line 
31 to column 13 line 56]; and 
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sending through the network interface the second message from 
the DHCP relay agent process to a DHCP server that provides the logical 
network address for the host [column 12 line 31 to column 13 line 56]; 

wherein generating the second message further comprises the step 
of sending a third message, from the authenticator process to the relay 
agent process, that contains at least some of the authentication and 
authorization information based on the first data [column 12 line 31 to 
column 13 line 56]. 

As to claim 28, Sistanizadeh et al discloses a computer-readable storage medium carrying 
one or more sequences of instructions for assigning a network address to a host based on 
authentication for a physical connection between the host and an intermediate device, which 
instructions, when executed by one or more processors, cause the one or more processors to 
carry out the steps of: 

receiving, at a router hosting an authenticator process for the host, from a 
first server that provides authentication and authorization, in response to a request 
for authentication for the physical connection, first data indicating at least some of 
authentication and authorization information [column 17, lines 26-39]; 

receiving, at a DHCP relay agent process of the router, from the host, a 
DHCP discovery message for discovering a logical network address for the host 
[column 9 line 61 to column 10 line 14]; 
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generating at the DHCP relay agent process a second message that 

comprises the DHCP discovery message and the first data [column 12 line 31 to 

column 13 line 56]; and 

sending the second message from the DHCP relay agent process to a 

DHCP server that provides the logical network address for the host [column 12 

line 31 to column 13 line 56]; 

wherein generating the second message further comprises sending 
a third message, from the authenticator process to the relay agent process, 
that contains at least some of the authentication and authorization 
information based on the first data [column 12 line 31 to column 13 line 
56]. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 4 and 5 are rejected under 35 U.S.C. 103(a) as being unpatentable over 

Sistanizadeh et al U.S. Patent No, 5,790,548 as applied to claim 1 above, and further in view 

of Park US 2002/0026573 Al. 

As to claims 4 and 5, Sistanizadeh et al does not teach that Jhe first server is an 
authentication, authorization and accounting server. Sistanizadeh et al does not teach that that 
the first server is a RADIUS protocol server. 

Park teaches an authentication, authorization and accounting (AAA) server that uses the 
RADIUS protocol [0013. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Sistanizadeh et al so that the first server sould 
have been an AAA server that utilized the RADIUS protocol. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Sistanizadeh et al by the teaching of Park because the 
RADIUS protocol message has an authenticator field for authenticating the value of the 
authenticator is a value that the Foreign Agent produces arbitrarily. This value is not to be 
repeated; a value that has been used beforehand should not be used again. The reason why the 
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authenticator is used as an arbitrary value is to prevent a hacker from stealing a message for 
malicious purposes. If the authenticator were fixed according to a message, a hacker could get a 
normal access-accept message from the AAA server by using the authenticator of a message 
produced on the basis of the commonly held secret key even though the hacker is not privy to the 
value of the shared secret key. Thus, the authenticator value needs to be changed every time a 
message is generated, thereby preventing the hacker from attacking [0013]. 
8. Claims 8, 31 and 36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sistanizadeh et al U.S. Patent No. 5,790,548 as applied to claims 1, 26 and 27 above, and 
further in view of Bahl et al U.S. Patent No. 6,782,422 Bl. 

As to claims 8, 31 and 36, Sistanizadeh et al does not teach that the request for 
authentication is based on an Institute of Electrical and Electronics Engineers (IEEE) 802. lx 
standard. 

Bahl et al teaches authentication based on an Institute of Electrical and Electronics 
Engineers (IEEE) 802. lx standard [column 1 1, lines 52-58]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified Sistanizadeh et al so that the request for 
authentication was based on an Institute of Electrical and Electronics Engineers (IEEE) 802. lx 
standard. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Sistanizadeh et al by the teaching of Bahl et al because that 
standard of protocol is more secure connection and higher level of authentication [column 11, 
lines 52-58]. 
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Conclusion 

9. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793, 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Aravind K Moorthy 1 
December 4, 2007 
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